<?php
/**
	Author: Rick Allen
	Email: allenr@msoe.edu
	Created: July 20, 2008
	
	The mysql file defines an object that handles database queries to mysql
*/
class Database
{
	/*
	Create some variables
	*/
	private $connection; //The connection to the database
	private $query;	//The current query result
	private $count;	//The count of queries run
	private $string; //the last query string sent through
	
	/**
	The contructor method
	
	@reqparam $host string 	The host to connect to
	@reqparam $user string 	The Username to use while connecting to the database
	@reqparam $pass string 	The Password to use while connection to the database
	@reqparam $db string 	The Name fo the database to connect to
	*/
	public function __construct($host, $user, $pass, $db)
	{
		$this->connection = mysql_connect($host, $user, $pass);
		
		mysql_select_db($db, $this->connection);
		
		$this->count	= 0;
	}
	
	/**
	The destructor method baically closes the sql connection
	*/
	public function __destruct()
	{
	
		mysql_close($this->connection);
		
		unset($this->count, $this->query, $this->connection);
	}
	
	/**
	This method prevents SQL injection by escaping quotes and html
	
	@reqparam $param string The parameter to inspect
	@optparam $length int|NULL The maximum length of the field
	@return string The secured parameter
	*/
	public function escape($param, $length=NULL)
	{
		if(!is_null($length)) $param = substr($param, 0, $length);
		
		$param = mysql_real_escape_string(trim($param), $this->connection);
		
		return $param;
	}
	
	/**
	This method prevents SQL injection by escaping quotes and html,
	it also removes anything that desn't match the given regular expression
	
	@reqparam $param string The parameter to inspect
	@optparam $length int|NULL The maximum length of the field
	@return string The secured parameter
	*/
	public function escapeRegExp($param, $regExp, $length=NULL)
	{
		$param = preg_replace($regExp, "", $param);
		$param = $this->escape($param, $length);
		
		return $param;
	}
	
	/**
	A Less secure version of escape that allows for html tags
	
	@reqparam $param string The parameter to inspect
	@return string The secured parameter
	*/
	public function escapeHTML($param)
	{
		$param = mysql_real_escape_string(stripslashes(trim($param)), $this->connection);
			
		return $param;
	}
	
	/**
	This method prevents SQL injection by limiting the string to only numbers
	
	@reqparam $param string The parameter to inspect
	@optparam $length int|NULL The maximum length of the field
	@return string The secured parameter
	*/
	public function escapeInt($param, $length=NULL)
	{		
		//do our default prevention
		$param = $this->escape($param, $length);
		
		//check if this was negative
		$isNegative = (substr($param, 0, 1) == "-");
		
		//remove anything thats not a 0-9
		$param = preg_replace("/[^1234567890-]/", "", $param);
		
		//check again to see if it was negative
		if($isNegative)
			$param = "-" . $param;
		
		return intval($param);
	}
	
	/**
	This method prevents SQL injection by limiting the string to only numbers and characters
	
	@reqparam $param string The parameter to inspect
	@optparam $length int|NULL The maximum length of the field
	@return string The secured parameter
	*/
	public function escapeAlphaNum($param, $length=NULL)
	{		
		//remove anything thats not a 0-9
		$param = preg_replace("/[^A-Z0-9-_]/i", "", $this->escape($param, $length));
		
		return $param;
	}
	
	/**
	Query the database
	
	$reqparam $query string The query string
	@return QueryResult The query result
	*/
	public function query($query)
	{
		$this->count++;
		
		//free the last result
		if($this->query && strtolower(substr($this->string, 0, 6)) == "select")
			mysql_free_result($this->query);
			
		$this->query = mysql_query($query, $this->connection);
		$this->string = trim($query);
		
		return $this->query;
	}
	
	/**
	echo the last query staring
	*/
	public function out()
	{
		echo $this->string;
		echo $this->error();
	}
	
	/**
	Gets the identity of the last inserted row
	*/
	public function getInsertID()
	{
		return mysql_insert_id($this->connection);
	}
	
	/**
	fetch the next record in the previous or specified query
	
	@optparam $query QueryObject the query to loop through
	*/
	public function fetch($query = NULL)
	{
		if(is_null($query))
			$query = $this->query;
			
		return mysql_fetch_assoc($query);
	}
	
	/**
	Get the number of results from the previous or specified query
	
	@optparam $query QueryObject The query to count
	
	@return int the number of rows in the previous ro specified query
	*/
	public function num($query = NULL)
	{
		if(is_null($query))
			return mysql_num_rows($this->query);
		else
			return mysql_num_rows($query);
			
	}
	
	/**
	Get the number of affected rows from the last query
	
	@return int the number fo rows affected by the last query
	*/
	public function affected()
	{
		return mysql_affected_rows($this->connection);
	}
	
	/**
	Return an error if there was one
	
	@return string the error
	*/
	public function error()
	{
		return mysql_error($this->connection);
	}
}